PRIVACY
POLICY

PRIVACY

From May 25, 2018, the new General Data Protection Regulation (EU Regulation 679/2016 – General Data Protection Regulation) is applied in all European Union countries, with the aim of ensuring better protection of personal data and privacy.
Personal data is information that directly or indirectly allows the identification of a natural person.
In order to harmonize the national legislation with the European regulation, Legislative Decree 101/2018 was issued in Italy, in force since September 19, 2018.

LIST S.p.A. has appointed a Data Protection Officer (DPO) that each user can freely contact, if he has questions about the policies and practices adopted by the company.
The Data Protection Officer can be contacted by writing to dpo-privacy@list-group.com
On this page, information can be viewed in accordance with the General Data Protection Regulations – GDPR relating to data protection of the various categories of data subjects for the processing that users concerns them.

Notifications on the processing of personal data:

LIST S.P.A., with registered office at via Pietrasantina, 123, 56122 Pisa (PI), VAT IT00928190503, as Data Controller and Owner of the Website, informs, pursuant to art. 13 of the EU Regulation n. 679/2016 (hereinafter “Regulation”), that personal data, including the particular categories of personal data pursuant to art. 9 of the Regulation, freely communicated by the user and acquired by LIST S.p.A. will be processed lawfully, fairly and in transparent manner, according to the purposes and the methods specified below.

  1. Type of data processed
    We may collect various categories of personal data relating to the user, including:

Data provided voluntarily by the user: the optional, explicit and voluntary sending of information by request information form on this site, automatically involves the subsequent acquisition of:

  • any personal data (i.e. Name, surname, email, company and telephone number);
  • any data related to CV included in the form.

Browser data: the computer systems and software procedures used to operate this website acquire some personal data during normal operations, which can be implicitly transmitted by using the Internet communication protocols.
This information is not gathered for the purposes of its association with the identified data subjects, but by its very nature, it could enable the users to be identified when processed and associated with data held by third parties.
This category of data includes the IP addresses or domain names of the computers used by visitors to the website, the addresses of the requested resources in URI (Uniform Resource Identifier) form, the time of the request, the method used to submit the request to the server, the size of the file received in response, the numerical code which indicates the status of the response provided by the server (successfully delivered, error, etc.) and other parameters relative to the user’s operating system and IT environment.
This data is only used to process anonymous statistical information on the use of the website and monitor it is functioning smoothly and is erased immediately after processing. The data could be used to verify the liability of the user should cyber crimes be committed, which could damage the website.

Cookies: Please read our Cookies Policy.

2. Purposes of treatment
The above data will be processed for the following purposes:

  • allow the user to use the Website;
  • provide assistance to the user and respond to requests for information;
  • recruitement of employees;
  • comply with laws or judicial procedures.

3. Optional nature of data conferral
Without prejudice to the terms specified for the browsing data, the user is free to provide his personal data in the registration forms for the services on LIST’s official website. Failure to provide such data could make it impossible to obtain what requested.

4. Processing methods
Data processing, related to the web services of this website, takes place at the head office of LIST S.p.A. and is only performed by authorized persons. Your personal data is processed using automated tools. Specific technical and organisational security measures are in place to prevent accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.

5. Communication and dissemination of data
No personal data resulting from the website service will be communicated or disclosed to third parties.

6. Personal data retention period
Personal data provided by user are retained for no longer than is necessary for the purposes for which the personal data are processed.

7. Rights of the data subjects
The Data Subjects can exercise the rights referred to in art. 15, 16, 17, 18, 19, 20, 21 and 22 of the EU Regulation 2016/679.
The rights mentioned above may be exercised by a request submitted to the Owner:

  • via mail to: LIST Spa, Via Pietrasantina, 123, 56122, Pisa (PI); or
  • via e-mail to: privacy@list-group.com.

8. Complaint with the supervisory authority
Without prejudice to any other administrative and judicial appeal, if the data subject considers that the processing of data concerning him / her violates the provisions of EU Reg. 2016/679, pursuant to art. 15 letter f) of the aforementioned EU Reg. 2016/679, he has the right to lodge a complaint with the Data Protection Officer.

9. Contact of Data Protection Officer (DPO)
Data Protection Officer
Lungarno Gambacorti, 55 56125, Pisa 
Phone: +39 050 50 00 82
Fax: +39 050 22 00 479
E-mail DPO: dpo-privacy@list-group.com

12 Oct 2019 Data Controller

LIST S.P.A, with registered office in via Pietrasantina, 123, 56122 Pisa (PI), Italy, VAT 00928190503 as Data Controller (hereinafter referred to as the “Controller”), hereby informs you that, pursuant to the EU Regulation n. 679/2016 (hereinafter referred to as the “Regulation”), all personal data communicated by You and acquired by us for the management and execution of the contract to which this information is attached, will be treated lawfully, in a fair and transparent manner with the purposes and methods indicated below.

1. Type of data
We may collect various categories of personal data necessary to fulfill the purposes indicated in point 2, including:

  • identification and personal data (eg name, surname, identity document, passport number, place and date of birth);
  • contact information (eg e-mail address and address);
  • images acquired by the video surveillance system.

2. Legal Basis and Purpose of Personal Data Processing
Your data indicated in point 1 will be processed for the following purposes and with the following legal basis:
fulfill the obligations and exercise the pre-contractual and contractual rights provided by the report;
fulfill legal obligations;
for the pursuit of the legitimate interest of the holder in terms of physical security of company offices and for the protection of company assets.
If the Data Controller intends to process the data for purposes other than those indicated above, you will be provided with adequate information on the matter prior to such further processing.

3. Modalities of Processing
Your data indicated in point 1 might be processed manually, computer or telematic systems, in accordance with art. 32 of the Regulation, by authorized staff specifically appointed to this task, as art. 29 of the Regulation.

4. Recipients
Your data indicated in point 1 will be communicated exclusively to the specifically authorized subjects in compliance with the provisions of art. 29 of the Regulation.

5. Communication and Data disclosure
Your data indicated in point 1 may also be communicated to the competent Authorities of European or Non-European countries to provide answers to their requests in accordance with the regulation applicable time by time. Personal data are not object to disclosure.

6. Transfer of personal data outside the European Economic Area
Given the international presence of the LIST S.p.A, and in order to optimise the quality of the services provided, LIST S.p.A. may have to transfer the personal data collected to countries outside the European Economic Area, whose legal provisions on the protection of personal data are different from those of the European Union. In this case, LIST S.p.A. ensures the protection of personal data by signing Standard Contract Clauses or other protection tools defined by law.

7. Data Retention
Your data indicated in point 1 will be kept for the period of time necessary for the pursuit for which the data were collected and in compliance with the time limits prescribed by the law.

8. Rights
As an interested party, you can exercise your rights as per art. 15, 16, 17, 18, 19, 20, 21 and 22 of the Regulation and, more specifically, the Controller must provide the Data Subject with the following information:
a) as per art. 15, the confirmation that his or her personal data are being proceeded and, in that case, granted access to this information;
b) as per art. 16, the rectification, without undue delay, of inaccurate personal data him or her;
c) as per art. 16, the integration of incomplete personal data, also by providing a supplementary statement;
d) as per art. 17, the erasure of personal data concerning the data subject without unjustified delay, without prejudice to the specific legal obligations of the Controller, and if the conditions set forth in this article are satisfied;
e) as per art. 18, the restriction of processing of personal data, without prejudice to the specific legal obligations of the Controller and if the conditions set forth in this article are satisfied;
f) as per art. 20, data subjects shall have the right to receive the personal data concerning him or her, in a structured, commonly used and machine-readable format and have the right to transmit those data to another Controller without hindrance from the Controller to which the personal data have been provided, with the exception of the Controller’s specific law obligations or legitimate interests in charge of the Controller, and if the conditions set forth in this article are satisfied;
g) as per art. 21, data subjects have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data, including profiling based on this provision, without prejudice to specific legal obligations or legitimate interests in charge of the Controller, you have the right to object, on grounds relating to your particular situation.
As per art. 19, in case of exercise by the interested party of the rights of the articles 16, 17 and 18 of the Regulations, the Controller shall notify each of the recipients to whom the personal data have been transmitted, any rectifications, erasures or limitations of the processing performed, unless this proves impossible or involves a disproportionate effort. The Controller shall inform you about the recipients, if you request it.
Without prejudice to any other administrative and judicial appeal, every Data Subject shall have the right to lodge a complaint with the Data Protection Supervisor, if the processing of his or her personal data are believed to violate the EU Regulation 2016/679 under art. 15 letter f) of the aforementioned Regulation.

9. How to Exercise your Rights
The aforementioned rights might be exercised by sending a written request to the Controller:
List S.P. A, Via Pietrasantina, 123, 56122, Pisa (PI), Italy; or
E-mail: privacy@list-group.com

10. Contact Details of Data Protection Officer
Data Protection Officer
Lungarno Gambacorti, 55 56125, Pisa 
Phone: +39 050 50 00 82
Fax: +39 050 22 00 479
E-mail DPO: dpo-privacy@list-group.com
12 Oct 2019 Data Controller

LIST S.P.A, with registered office in via Pietrasantina, 123, 56122 Pisa (PI), Italy, VAT 00928190503 as Data Controller (hereinafter referred to as the “Controller”), hereby informs you that, pursuant to the EU Regulation n. 679/2016 (hereinafter referred to as the “Regulation”), all personal data communicated by You and acquired by us for the management and execution of the contract to which this information is attached, will be treated lawfully, in a fair and transparent manner with the purposes and methods indicated below.

1. Type of data
We may collect various categories of personal data necessary to fulfill the purposes indicated in point 2, including:

  • identification and personal data of yours employees,
  • contact information of yours employees.

2. Legal Basis and Purpose of Personal Data Processing
Your data indicated in point 1 will be processed for the following purposes and with the following legal basis:
fulfill the obligations and exercise the pre-contractual and contractual rights provided by the report;
fulfill legal obligations;
for the pursuit of the legitimate interest of the holder in terms of physical security of company offices and for the protection of company assets.
If the Data Controller intends to process the data for purposes other than those indicated above, you will be provided with adequate information on the matter prior to such further processing.

3. Modalities of Processing
Your data indicated in point 1 might be processed manually, computer or telematic systems, in accordance with art. 32 of the Regulation, by authorized staff specifically appointed to this task, as art. 29 of the Regulation.

4. Recipients
Your data indicated in point 1 will be communicated exclusively to the specifically authorized subjects in compliance with the provisions of art. 29 of the Regulation.

5. Communication and Data disclosure
Your data indicated in point 1 may also be communicated to the competent Authorities of European or Non-European countries to provide answers to their requests in accordance with the regulation applicable time by time. Personal data are not object to disclosure.

6. Transfer of personal data outside the European Economic Area
Given the international presence of the LIST S.p.A, and in order to optimise the quality of the services provided, LIST S.p.A. may have to transfer the personal data collected to countries outside the European Economic Area, whose legal provisions on the protection of personal data are different from those of the European Union. In this case, LIST S.p.A. ensures the protection of personal data by signing Standard Contract Clauses or other protection tools defined by law.

7. Data Retention
Your data indicated in point 1 will be kept for the period of time necessary for the pursuit for which the data were collected and in compliance with the time limits prescribed by the law.

8. Rights
As an interested party, you can exercise your rights as per art. 15, 16, 17, 18, 19, 20, 21 and 22 of the Regulation and, more specifically, the Controller must provide the Data Subject with the following information:
a) as per art. 15, the confirmation that his or her personal data are being proceeded and, in that case, granted access to this information;
b) as per art. 16, the rectification, without undue delay, of inaccurate personal data him or her;
c) as per art. 16, the integration of incomplete personal data, also by providing a supplementary statement;
d) as per art. 17, the erasure of personal data concerning the data subject without unjustified delay, without prejudice to the specific legal obligations of the Controller, and if the conditions set forth in this article are satisfied;
e) as per art. 18, the restriction of processing of personal data, without prejudice to the specific legal obligations of the Controller and if the conditions set forth in this article are satisfied;
f) as per art. 20, data subjects shall have the right to receive the personal data concerning him or her, in a structured, commonly used and machine-readable format and have the right to transmit those data to another Controller without hindrance from the Controller to which the personal data have been provided, with the exception of the Controller’s specific law obligations or legitimate interests in charge of the Controller, and if the conditions set forth in this article are satisfied;
g) as per art. 21, data subjects have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data, including profiling based on this provision, without prejudice to specific legal obligations or legitimate interests in charge of the Controller, you have the right to object, on grounds relating to your particular situation.
As per art. 19, in case of exercise by the interested party of the rights of the articles 16, 17 and 18 of the Regulations, the Controller shall notify each of the recipients to whom the personal data have been transmitted, any rectifications, erasures or limitations of the processing performed, unless this proves impossible or involves a disproportionate effort. The Controller shall inform you about the recipients, if you request it.
Without prejudice to any other administrative and judicial appeal, every Data Subject shall have the right to lodge a complaint with the Data Protection Supervisor, if the processing of his or her personal data are believed to violate the EU Regulation 2016/679 under art. 15 letter f) of the aforementioned Regulation.

9. How to Exercise your Rights
The aforementioned rights might be exercised by sending a written request to the Controller:
List S.P. A, Via Pietrasantina, 123, 56122, Pisa (PI), Italy; or
E-mail: privacy@list-group.com

10. Contact Details of Data Protection Officer
Data Protection Officer
Lungarno Gambacorti, 55 56125, Pisa 
Phone: +39 050 50 00 82
Fax: +39 050 22 00 479
E-mail DPO: dpo-privacy@list-group.com
12 Oct 2019 Data Controller

LIST S.P.A, with registered office in via Pietrasantina, 123, 56122 Pisa (PI), Italy, VAT 00928190503 as Data Controller (hereinafter referred to as the “Controller”), hereby informs you that, pursuant to the EU Regulation n. 679/2016 (hereinafter referred to as the “Regulation”), all personal data communicated by You and acquired by us for the management and execution of the contract to which this information is attached, will be treated lawfully, in a fair and transparent manner with the purposes and methods indicated below.

1. Type of data
We may collect various categories of personal data necessary to fulfill the purposes indicated in point 2, including:

  • identification and personal data;
  • contact info;
  • images acquired by the video surveillance system.

2. Legal Basis and Purpose of Personal Data Processing
Your data indicated in point 1 will be processed for the following purposes and with the following legal basis:
fulfill the obligations and exercise the pre-contractual and contractual rights provided by the report;
fulfill legal obligations;
for the pursuit of the legitimate interest of the holder in terms of physical security of company offices and for the protection of company assets.
If the Data Controller intends to process the data for purposes other than those indicated above, you will be provided with adequate information on the matter prior to such further processing.

3. Modalities of Processing
Your data indicated in point 1 might be processed manually, computer or telematic systems, in accordance with art. 32 of the Regulation, by authorized staff specifically appointed to this task, as art. 29 of the Regulation.

4. Recipients
Your data indicated in point 1 will be communicated exclusively to the specifically authorized subjects in compliance with the provisions of art. 29 of the Regulation.

5. Communication and Data disclosure
Your data indicated in point 1 may also be communicated to the competent Authorities of European or Non-European countries to provide answers to their requests in accordance with the regulation applicable time by time. Personal data are not object to disclosure.

6. Transfer of personal data outside the European Economic Area
Given the international presence of the LIST S.p.A, and in order to optimise the quality of the services provided, LIST S.p.A. may have to transfer the personal data collected to countries outside the European Economic Area, whose legal provisions on the protection of personal data are different from those of the European Union. In this case, LIST S.p.A. ensures the protection of personal data by signing Standard Contract Clauses or other protection tools defined by law.

7. Data Retention
Your data indicated in point 1 will be kept for the period of time necessary for the pursuit for which the data were collected and in compliance with the time limits prescribed by the law.

8. Rights
As an interested party, you can exercise your rights as per art. 15, 16, 17, 18, 19, 20, 21 and 22 of the Regulation and, more specifically, the Controller must provide the Data Subject with the following information:
a) as per art. 15, the confirmation that his or her personal data are being proceeded and, in that case, granted access to this information;
b) as per art. 16, the rectification, without undue delay, of inaccurate personal data him or her;
c) as per art. 16, the integration of incomplete personal data, also by providing a supplementary statement;
d) as per art. 17, the erasure of personal data concerning the data subject without unjustified delay, without prejudice to the specific legal obligations of the Controller, and if the conditions set forth in this article are satisfied;
e) as per art. 18, the restriction of processing of personal data, without prejudice to the specific legal obligations of the Controller and if the conditions set forth in this article are satisfied;
f) as per art. 20, data subjects shall have the right to receive the personal data concerning him or her, in a structured, commonly used and machine-readable format and have the right to transmit those data to another Controller without hindrance from the Controller to which the personal data have been provided, with the exception of the Controller’s specific law obligations or legitimate interests in charge of the Controller, and if the conditions set forth in this article are satisfied;
g) as per art. 21, data subjects have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data, including profiling based on this provision, without prejudice to specific legal obligations or legitimate interests in charge of the Controller, you have the right to object, on grounds relating to your particular situation.
As per art. 19, in case of exercise by the interested party of the rights of the articles 16, 17 and 18 of the Regulations, the Controller shall notify each of the recipients to whom the personal data have been transmitted, any rectifications, erasures or limitations of the processing performed, unless this proves impossible or involves a disproportionate effort. The Controller shall inform you about the recipients, if you request it.
Without prejudice to any other administrative and judicial appeal, every Data Subject shall have the right to lodge a complaint with the Data Protection Supervisor, if the processing of his or her personal data are believed to violate the EU Regulation 2016/679 under art. 15 letter f) of the aforementioned Regulation.

9. How to Exercise your Rights
The aforementioned rights might be exercised by sending a written request to the Controller:
List S.P. A, Via Pietrasantina, 123, 56122, Pisa (PI), Italy; or
E-mail: privacy@list-group.com

10. Contact Details of Data Protection Officer
Data Protection Officer
Lungarno Gambacorti, 55 56125, Pisa 
Phone: +39 050 50 00 82
Fax: +39 050 22 00 479
E-mail DPO: dpo-privacy@list-group.com
12 Oct 2019 Data Controller

LIST S.P.A, with registered office in via Pietrasantina, 123, 56122 Pisa (PI), Italy, VAT 00928190503 as Data Controller (hereinafter referred to as the “Controller”), hereby informs you that, pursuant to art. 13 of the EU Regulation n. 679/2016 (hereinafter referred to as the “Regulation”), your personal data, by you freely communicated and acquired by us, will be processed in a lawful, correct and transparent manner, in relation to the purposes stated below:

1. Source of Personal Data
The collection of your personal data is done by recording the data you provide yourself, as an interested party, upon access to the LIST S.p.A. premises, in the electronic visitors register at the reception.

2. Legal Basis and Purpose of Personal Data Processing
Your data will be processed for the following purposes and with the following legal basis:

  • pursuing the legitimate interests of the owner in terms of physical security of the company’s offices and the safeguarding of corporate assets.

If the Data Controller intends to process the data for purposes other than those indicated above, you will be provided with adequate information on the matter prior to such further processing.

3. Mandatory Nature
Data provision is optional but in its absence the access to LIST S.p.A premises will not be granted.

4. Modalities of Processing
Personal data might be processed manually, via computer or telematic systems, in accordance with art. 32 of the Regulation, by authorized staff specifically appointed to this task, as per art. 29 of the Regulation.

5. Communication
Your personal data shall be processed exclusively by the personnel of LIST S.p.A. identified as an authorized subject to treatment, without prejudice to any competent judicial or police authority consultation.

6. Data Dissemination
Your data will not in any case be disseminated.

7. Data Retention
Your personal data will be kept for the period of time necessary for the pursuit for which the data were collected in compliance with the time limits prescribed by the law.

8. Rights of the Data Subject
As an interested party, you can exercise your rights as per art. 15, 16, 17, 18, 19, 20, 21 and 22 of the Regulation and, more specifically, the Controller must provide the Data Subject with the following information:
a) as per art. 15, the confirmation that his or her personal data are being proceeded and, in that case, granted access to this information;
b) as per art. 16, the rectification, without undue delay, of inaccurate personal data him or her;
c) as per art. 16, the integration of incomplete personal data, also by providing a supplementary statement;
d) as per art. 17, the erasure of personal data concerning the data subject without unjustified delay, without prejudice to the specific legal obligations of the Controller, and if the conditions set forth in this article are satisfied;
e) as per art. 18, the restriction of processing of personal data, without prejudice to the specific legal obligations of the Controller and if the conditions set forth in this article are satisfied;
f) as per art. 20, data subjects shall have the right to receive the personal data concerning him or her, in a structured, commonly used and machine-readable format and have the right to transmit those data to another Controller without hindrance from the Controller to which the personal data have been provided, with the exception of the Controller’s specific law obligations or legitimate interests in charge of the Controller, and if the conditions set forth in this article are satisfied;
g) as per art. 21, data subjects have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data, including profiling based on this provision, without prejudice to specific legal obligations or legitimate interests in charge of the Controller, you have the right to object, on grounds relating to your particular situation.
As per art. 19, in case of exercise by the interested party of the rights of the articles 16, 17 and 18 of the Regulations, the Controller shall notify each of the recipients to whom the personal data have been transmitted, any rectifications, erasures or limitations of the processing performed, unless this proves impossible or involves a disproportionate effort. The Controller shall inform you about the recipients, if you request it.

9. How to Exercise your Rights
The aforementioned rights might be exercised by sending a witten request to the Controller:
List S.P. A, Via Pietrasantina, 123, 56122, Pisa (PI), Italy; or
E-mail: privacy@list-group.com

10. Complaint to the Supervisory Authority
Without prejudice to any other administrative and judicial appeal, every Data Subject shall have the right to lodge a complaint with the Data Protection Supervisor, if the processing of his or her personal data are believed to violate the EU Regulation 2016/679 under art. 15 letter f) of the aforementioned Regulation.

11. Contact Details of Data Protection Officer
Data Protection Officer
Lungarno Gambacorti, 55 56125, Pisa 
Phone: +39 050 50 00 82
Fax: +39 050 22 00 479
E-mail DPO: dpo-privacy@list-group.com
12 Oct 2019 Data Controller